
AVZ says important files were hijacked: APICodeHijack

#1 By WehaveallGHD 17/07/2010 - 11:04
Folks, here's the thing. I downloaded the AVZ Antiviral Toolkit program (recommended here on the forum in tips and reviews) and tried to run it. My PC seems to be clean, no antivirus or antimalware reports anything, everything runs fine, but this one left me puzzled.

1. I couldn't enable AVZ Guard; it gives this error: AVZ Guard error: C000036B

2. The scan of drive C never finishes; whenever it reaches the C:\Users or C:\Documents and Settings folder it never leaves it, as if the folders kept duplicating and creating identical subdirectories endlessly.

3. And to give me a heart attack, the log, without scanning the disks, says that several important system files are hijacked:

AVZ Antiviral Toolkit log; AVZ version is 4.34
Scanning started at 17/07/2010 10:57:28
Database loaded: signatures - 275419, NN profile(s) - 2, malware removal microprograms - 56, signature database released 08.07.2010 09:40
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 213048
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7600, ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:CopyFileA (114) intercepted, method - APICodeHijack.JmpTo[10025B56]
Function kernel32.dll:CopyFileExA (115) intercepted, method - APICodeHijack.JmpTo[10025B16]
Function kernel32.dll:CopyFileExW (116) intercepted, method - APICodeHijack.JmpTo[10025AF6]
Function kernel32.dll:CopyFileW (119) intercepted, method - APICodeHijack.JmpTo[10025B36]
Function kernel32.dll:CreateFileA (138) intercepted, method - APICodeHijack.JmpTo[10025B96]
Function kernel32.dll:CreateFileW (145) intercepted, method - APICodeHijack.JmpTo[10025B76]
Function kernel32.dll:CreateProcessA (166) intercepted, method - APICodeHijack.JmpTo[10025DF6]
Function kernel32.dll:CreateProcessW (170) intercepted, method - APICodeHijack.JmpTo[10025DD6]
Function kernel32.dll:DeleteFileA (213) intercepted, method - APICodeHijack.JmpTo[10025A16]
Function kernel32.dll:DeleteFileW (216) intercepted, method - APICodeHijack.JmpTo[100259F6]
Function kernel32.dll:GetModuleHandleA (535) intercepted, method - APICodeHijack.JmpTo[100259D6]
Function kernel32.dll:GetModuleHandleW (538) intercepted, method - APICodeHijack.JmpTo[100259B6]
Function kernel32.dll:GetProcAddress (583) intercepted, method - APICodeHijack.JmpTo[10025C36]
Function kernel32.dll:LoadLibraryA (829) intercepted, method - APICodeHijack.JmpTo[10025996]
Function kernel32.dll:LoadLibraryExA (830) intercepted, method - APICodeHijack.JmpTo[10025BF6]
Function kernel32.dll:LoadLibraryExW (831) intercepted, method - APICodeHijack.JmpTo[10025BD6]
Function kernel32.dll:LoadLibraryW (832) intercepted, method - APICodeHijack.JmpTo[10025976]
Function kernel32.dll:LoadModule (833) intercepted, method - APICodeHijack.JmpTo[10025C16]
Function kernel32.dll:MoveFileA (863) intercepted, method - APICodeHijack.JmpTo[10025AD6]
Function kernel32.dll:MoveFileExA (864) intercepted, method - APICodeHijack.JmpTo[10025A96]
Function kernel32.dll:MoveFileExW (865) intercepted, method - APICodeHijack.JmpTo[10025A76]
Function kernel32.dll:MoveFileW (868) intercepted, method - APICodeHijack.JmpTo[10025AB6]
Function kernel32.dll:MoveFileWithProgressA (869) intercepted, method - APICodeHijack.JmpTo[10025A56]
Function kernel32.dll:MoveFileWithProgressW (870) intercepted, method - APICodeHijack.JmpTo[10025A36]
Function kernel32.dll:OpenFile (887) intercepted, method - APICodeHijack.JmpTo[10025BB6]
Function kernel32.dll:WinExec (1299) intercepted, method - APICodeHijack.JmpTo[10025956]
Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:LdrGetProcedureAddress (130) intercepted, method - APICodeHijack.JmpTo[10025C96]
Function ntdll.dll:LdrLoadDll (137) intercepted, method - APICodeHijack.JmpTo[100234B6]
Function ntdll.dll:LdrUnloadDll (161) intercepted, method - APICodeHijack.JmpTo[1001CFD6]
Function ntdll.dll:NtAdjustPrivilegesToken (190) intercepted, method - APICodeHijack.JmpTo[10027F46]
Function ntdll.dll:NtAllocateVirtualMemory (197) intercepted, method - APICodeHijack.JmpTo[10025D16]
Function ntdll.dll:NtAlpcConnectPort (200) intercepted, method - APICodeHijack.JmpTo[10028966]
Function ntdll.dll:NtClose (228) intercepted, method - APICodeHijack.JmpTo[1001CEB6]
Function ntdll.dll:NtConnectPort (237) intercepted, method - APICodeHijack.JmpTo[1002B496]
Function ntdll.dll:NtCreateFile (244) intercepted, method - APICodeHijack.JmpTo[10025D96]
Function ntdll.dll:NtCreateProcess (257) intercepted, method - APICodeHijack.JmpTo[10025E36]
Function ntdll.dll:NtCreateProcessEx (258) intercepted, method - APICodeHijack.JmpTo[10025E16]
Function ntdll.dll:NtCreateSection (262) intercepted, method - APICodeHijack.JmpTo[1002A316]
Function ntdll.dll:NtCreateSymbolicLinkObject (264) intercepted, method - APICodeHijack.JmpTo[10027B66]
Function ntdll.dll:NtCreateThread (265) intercepted, method - APICodeHijack.JmpTo[1002BC66]
Function ntdll.dll:NtCreateThreadEx (266) intercepted, method - APICodeHijack.JmpTo[100285C6]
Function ntdll.dll:NtDeleteFile (281) intercepted, method - APICodeHijack.JmpTo[10025D56]
Function ntdll.dll:NtFreeVirtualMemory (310) intercepted, method - APICodeHijack.JmpTo[10025C56]
Function ntdll.dll:NtLoadDriver (335) intercepted, method - APICodeHijack.JmpTo[10025CF6]
Function ntdll.dll:NtMakeTemporaryObject (344) intercepted, method - APICodeHijack.JmpTo[1002AE06]
Function ntdll.dll:NtOpenFile (359) intercepted, method - APICodeHijack.JmpTo[10025D76]
Function ntdll.dll:NtOpenSection (374) intercepted, method - APICodeHijack.JmpTo[1002A946]
Function ntdll.dll:NtProtectVirtualMemory (395) intercepted, method - APICodeHijack.JmpTo[10025D36]
Function ntdll.dll:NtSetInformationProcess (513) intercepted, method - APICodeHijack.JmpTo[10025CB6]
Function ntdll.dll:NtSetSystemInformation (530) intercepted, method - APICodeHijack.JmpTo[1002B046]
Function ntdll.dll:NtShutdownSystem (540) intercepted, method - APICodeHijack.JmpTo[100281F6]
Function ntdll.dll:NtSystemDebugControl (548) intercepted, method - APICodeHijack.JmpTo[1002AC06]
Function ntdll.dll:NtTerminateProcess (550) intercepted, method - APICodeHijack.JmpTo[1002B806]
Function ntdll.dll:NtTerminateThread (551) intercepted, method - APICodeHijack.JmpTo[1002BA26]
Function ntdll.dll:NtUnloadDriver (559) intercepted, method - APICodeHijack.JmpTo[10025CD6]
Function ntdll.dll:NtWriteVirtualMemory (598) intercepted, method - APICodeHijack.JmpTo[10025DB6]
Function ntdll.dll:RtlAllocateHeap (645) intercepted, method - APICodeHijack.JmpTo[10025C76]
Function ntdll.dll:ZwAdjustPrivilegesToken (1441) intercepted, method - APICodeHijack.JmpTo[10027F46]
Function ntdll.dll:ZwAllocateVirtualMemory (1448) intercepted, method - APICodeHijack.JmpTo[10025D16]
Function ntdll.dll:ZwAlpcConnectPort (1451) intercepted, method - APICodeHijack.JmpTo[10028966]
Function ntdll.dll:ZwClose (1479) intercepted, method - APICodeHijack.JmpTo[1001CEB6]
Function ntdll.dll:ZwConnectPort (1488) intercepted, method - APICodeHijack.JmpTo[1002B496]
Function ntdll.dll:ZwCreateFile (1495) intercepted, method - APICodeHijack.JmpTo[10025D96]
Function ntdll.dll:ZwCreateProcess (1508) intercepted, method - APICodeHijack.JmpTo[10025E36]
Function ntdll.dll:ZwCreateProcessEx (1509) intercepted, method - APICodeHijack.JmpTo[10025E16]
Function ntdll.dll:ZwCreateSection (1513) intercepted, method - APICodeHijack.JmpTo[1002A316]
Function ntdll.dll:ZwCreateSymbolicLinkObject (1515) intercepted, method - APICodeHijack.JmpTo[10027B66]
Function ntdll.dll:ZwCreateThread (1516) intercepted, method - APICodeHijack.JmpTo[1002BC66]
Function ntdll.dll:ZwCreateThreadEx (1517) intercepted, method - APICodeHijack.JmpTo[100285C6]
Function ntdll.dll:ZwDeleteFile (1531) intercepted, method - APICodeHijack.JmpTo[10025D56]
Function ntdll.dll:ZwFreeVirtualMemory (1560) intercepted, method - APICodeHijack.JmpTo[10025C56]
Function ntdll.dll:ZwLoadDriver (1584) intercepted, method - APICodeHijack.JmpTo[10025CF6]
Function ntdll.dll:ZwMakeTemporaryObject (1593) intercepted, method - APICodeHijack.JmpTo[1002AE06]
Function ntdll.dll:ZwOpenFile (1608) intercepted, method - APICodeHijack.JmpTo[10025D76]
Function ntdll.dll:ZwOpenSection (1623) intercepted, method - APICodeHijack.JmpTo[1002A946]
Function ntdll.dll:ZwProtectVirtualMemory (1644) intercepted, method - APICodeHijack.JmpTo[10025D36]
Function ntdll.dll:ZwSetInformationProcess (1762) intercepted, method - APICodeHijack.JmpTo[10025CB6]
Function ntdll.dll:ZwSetSystemInformation (1779) intercepted, method - APICodeHijack.JmpTo[1002B046]
Function ntdll.dll:ZwShutdownSystem (1789) intercepted, method - APICodeHijack.JmpTo[100281F6]
Function ntdll.dll:ZwSystemDebugControl (1797) intercepted, method - APICodeHijack.JmpTo[1002AC06]
Function ntdll.dll:ZwTerminateProcess (1799) intercepted, method - APICodeHijack.JmpTo[1002B806]
Function ntdll.dll:ZwTerminateThread (1800) intercepted, method - APICodeHijack.JmpTo[1002BA26]
Function ntdll.dll:ZwUnloadDriver (1808) intercepted, method - APICodeHijack.JmpTo[10025CD6]
Function ntdll.dll:ZwWriteVirtualMemory (1847) intercepted, method - APICodeHijack.JmpTo[10025DB6]
Analysis: user32.dll, export table found in section .text
Function user32.dll:BlockInput (1517) intercepted, method - APICodeHijack.JmpTo[100187E6]
Function user32.dll:DefDlgProcA (1657) intercepted, method - ProcAddressHijack.GetProcAddress ->76BB5F5A->77B98954
Function user32.dll:DefDlgProcW (1658) intercepted, method - ProcAddressHijack.GetProcAddress ->76BB5F75->77B83F44
Function user32.dll:DefWindowProcA (1664) intercepted, method - ProcAddressHijack.GetProcAddress ->76BB5F90->77B628B3
Function user32.dll:DefWindowProcW (1665) intercepted, method - ProcAddressHijack.GetProcAddress ->76BB5FAB->77B5243D
Function user32.dll:EnableWindow (1725) intercepted, method - APICodeHijack.JmpTo[10018336]
Function user32.dll:EndTask (1730) intercepted, method - APICodeHijack.JmpTo[10027416]
Function user32.dll:ExitWindowsEx (1754) intercepted, method - APICodeHijack.JmpTo[10018126]
Function user32.dll:GetAsyncKeyState (1772) intercepted, method - APICodeHijack.JmpTo[10019386]
Function user32.dll:GetClipboardData (1787) intercepted, method - APICodeHijack.JmpTo[100185D6]
Function user32.dll:GetKeyState (1826) intercepted, method - APICodeHijack.JmpTo[10019636]
Function user32.dll:GetKeyboardState (1831) intercepted, method - APICodeHijack.JmpTo[100198E6]
Function user32.dll:MoveWindow (2052) intercepted, method - APICodeHijack.JmpTo[10018E86]
Function user32.dll:PostMessageA (2078) intercepted, method - APICodeHijack.JmpTo[1001C126]
Function user32.dll:PostMessageW (2079) intercepted, method - APICodeHijack.JmpTo[1001BE86]
Function user32.dll:PostThreadMessageA (2081) intercepted, method - APICodeHijack.JmpTo[1001BBE6]
Function user32.dll:PostThreadMessageW (2082) intercepted, method - APICodeHijack.JmpTo[1001B946]
Function user32.dll:RegisterRawInputDevices (2115) intercepted, method - APICodeHijack.JmpTo[10019166]
Function user32.dll:SendDlgItemMessageA (2139) intercepted, method - APICodeHijack.JmpTo[1001A116]
Function user32.dll:SendDlgItemMessageW (2140) intercepted, method - APICodeHijack.JmpTo[10019E66]
Function user32.dll:SendInput (2143) intercepted, method - APICodeHijack.JmpTo[10019B96]
Function user32.dll:SendMessageA (2144) intercepted, method - APICodeHijack.JmpTo[1001B6A6]
Function user32.dll:SendMessageCallbackA (2145) intercepted, method - APICodeHijack.JmpTo[1001ABC6]
Function user32.dll:SendMessageCallbackW (2146) intercepted, method - APICodeHijack.JmpTo[1001A906]
Function user32.dll:SendMessageTimeoutA (2147) intercepted, method - APICodeHijack.JmpTo[1001B146]
Function user32.dll:SendMessageTimeoutW (2148) intercepted, method - APICodeHijack.JmpTo[1001AE86]
Function user32.dll:SendMessageW (2149) intercepted, method - APICodeHijack.JmpTo[1001B406]
Function user32.dll:SendNotifyMessageA (2150) intercepted, method - APICodeHijack.JmpTo[1001A666]
Function user32.dll:SendNotifyMessageW (2151) intercepted, method - APICodeHijack.JmpTo[1001A3C6]
Function user32.dll:SetClipboardViewer (2160) intercepted, method - APICodeHijack.JmpTo[100189E6]
Function user32.dll:SetParent (2191) intercepted, method - APICodeHijack.JmpTo[10018BE6]
Function user32.dll:SetWinEventHook (2216) intercepted, method - APICodeHijack.JmpTo[1001C3C6]
Function user32.dll:SetWindowsHookExA (2231) intercepted, method - APICodeHijack.JmpTo[1001C926]
Function user32.dll:SetWindowsHookExW (2232) intercepted, method - APICodeHijack.JmpTo[1001C6D6]
Function user32.dll:keybd_event (2329) intercepted, method - APICodeHijack.JmpTo[100247F6]
Function user32.dll:mouse_event (2330) intercepted, method - APICodeHijack.JmpTo[100245E6]
Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:AddMandatoryAce (1029) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE24B5->7679C334
Function advapi32.dll:CreateProcessAsUserA (1125) intercepted, method - APICodeHijack.JmpTo[1001FF36]
Function advapi32.dll:CreateProcessAsUserW (1126) intercepted, method - APICodeHijack.JmpTo[1001F726]
Function advapi32.dll:I_QueryTagInformation (1361) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2655->770B72D8
Function advapi32.dll:I_ScIsSecurityProcess (1362) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE268C->770B733F
Function advapi32.dll:I_ScPnPGetServiceName (1363) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE26C3->770B7C40
Function advapi32.dll:I_ScQueryServiceConfig (1364) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE26FA->770B5F8A
Function advapi32.dll:I_ScSendPnPMessage (1365) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2732->770B5E7D
Function advapi32.dll:I_ScSendTSMessage (1366) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2766->770B71C5
Function advapi32.dll:I_ScValidatePnPService (1369) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2799->770B6B9D
Function advapi32.dll:IsValidRelativeSecurityDescriptor (1389) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE27D1->7679C5DF
Function advapi32.dll:PerfCreateInstance (1515) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2858->72F42187
Function advapi32.dll:PerfDecrementULongCounterValue (1516) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2871->72F42A1D
Function advapi32.dll:PerfDecrementULongLongCounterValue (1517) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2896->72F42B3C
Function advapi32.dll:PerfDeleteInstance (1519) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE28BF->72F42259
Function advapi32.dll:PerfIncrementULongCounterValue (1522) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE28D8->72F427B9
Function advapi32.dll:PerfIncrementULongLongCounterValue (1523) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE28FD->72F428D6
Function advapi32.dll:PerfQueryInstance (1528) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2926->72F42373
Function advapi32.dll:PerfSetCounterRefValue (1529) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE293E->72F42447
Function advapi32.dll:PerfSetCounterSetInfo (1530) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE295B->72F420B0
Function advapi32.dll:PerfSetULongCounterValue (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2977->72F42565
Function advapi32.dll:PerfSetULongLongCounterValue (1532) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2996->72F42680
Function advapi32.dll:PerfStartProvider (1533) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE29B9->72F41FED
Function advapi32.dll:PerfStartProviderEx (1534) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE29D1->72F41F34
Function advapi32.dll:PerfStopProvider (1535) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE29EB->72F42026
Function advapi32.dll:SystemFunction035 (1753) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE2A3C->73F73EA8
Analysis: ws2_32.dll, export table found in section .text
Function ws2_32.dll:WSASocketA (99) intercepted, method - APICodeHijack.JmpTo[10025856]
Function ws2_32.dll:WSASocketW (100) intercepted, method - APICodeHijack.JmpTo[10025836]
Analysis: wininet.dll, export table found in section .text
Function wininet.dll:InternetConnectA (231) intercepted, method - APICodeHijack.JmpTo[10025896]
Function wininet.dll:InternetConnectW (232) intercepted, method - APICodeHijack.JmpTo[10025876]
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Function urlmon.dll:URLDownloadToCacheFileA (216) intercepted, method - APICodeHijack.JmpTo[100257D6]
Function urlmon.dll:URLDownloadToCacheFileW (217) intercepted, method - APICodeHijack.JmpTo[100257B6]
Function urlmon.dll:URLDownloadToFileA (218) intercepted, method - APICodeHijack.JmpTo[10025816]
Function urlmon.dll:URLDownloadToFileW (219) intercepted, method - APICodeHijack.JmpTo[100257F6]
Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:DavAddConnection (1) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3B10->72F329DD
Function netapi32.dll:DavDeleteConnection (2) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3B29->72F3181B
Function netapi32.dll:DavFlushFile (3) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3B45->72F31713
Function netapi32.dll:DavGetExtendedError (4) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3B5A->72F32347
Function netapi32.dll:DavGetHTTPFromUNCPath (5) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3B76->72F3275B
Function netapi32.dll:DavGetUNCFromHTTPPath (6) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3B94->72F3257D
Function netapi32.dll:DsAddressToSiteNamesA (7) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3BB2->72D54A4D
Function netapi32.dll:DsAddressToSiteNamesExA (8) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3BD1->72D54D79
Function netapi32.dll:DsAddressToSiteNamesExW (9) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3BF2->72D55049
Function netapi32.dll:DsAddressToSiteNamesW (10) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3C13->72D54C29
Function netapi32.dll:DsDeregisterDnsHostRecordsA (11) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3C32->72D56DD9
Function netapi32.dll:DsDeregisterDnsHostRecordsW (12) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3C57->72D56D59
Function netapi32.dll:DsEnumerateDomainTrustsA (13) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3C7C->72D56771
Function netapi32.dll:DsEnumerateDomainTrustsW (14) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3C9E->72D460BC
Function netapi32.dll:DsGetDcCloseW (15) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3CC0->72D5495D
Function netapi32.dll:DsGetDcNameA (16) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3CD7->72D55BB2
Function netapi32.dll:DsGetDcNameW (17) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3CED->72D44CA8
Function netapi32.dll:DsGetDcNameWithAccountA (18) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D03->72D555E9
Function netapi32.dll:DsGetDcNameWithAccountW (19) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D24->72D44CD1
Function netapi32.dll:DsGetDcNextA (20) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D45->72D54896
Function netapi32.dll:DsGetDcNextW (21) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D5B->72D547ED
Function netapi32.dll:DsGetDcOpenA (22) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D71->72D5473D
Function netapi32.dll:DsGetDcOpenW (23) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D87->72D546AB
Function netapi32.dll:DsGetDcSiteCoverageA (24) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3D9D->72D55239
Function netapi32.dll:DsGetDcSiteCoverageW (25) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3DBB->72D55409
Function netapi32.dll:DsGetForestTrustInformationW (26) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3DD9->72D56E6F
Function netapi32.dll:DsGetSiteNameA (27) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3DFF->72D55B39
Function netapi32.dll:DsGetSiteNameW (28) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3E17->72D45F24
Function netapi32.dll:DsMergeForestTrustInformationW (29) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3E2F->72D56F71
Function netapi32.dll:DsRoleAbortDownlevelServerUpgrade (30) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3E57->72F24339
Function netapi32.dll:DsRoleCancel (31) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3E80->72F234A9
Function netapi32.dll:DsRoleDcAsDc (32) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3E94->72F23EAD
Function netapi32.dll:DsRoleDcAsReplica (33) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3EA8->72F23F99
Function netapi32.dll:DsRoleDemoteDc (34) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3EC1->72F24189
Function netapi32.dll:DsRoleDnsNameToFlatName (35) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3ED7->72F232B5
Function netapi32.dll:DsRoleFreeMemory (36) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3EF6->72F219A9
Function netapi32.dll:DsRoleGetDatabaseFacts (37) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3F0E->72F23651
Function netapi32.dll:DsRoleGetDcOperationProgress (38) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3F2C->72F23351
Function netapi32.dll:DsRoleGetDcOperationResults (39) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3F50->72F23401
Function netapi32.dll:DsRoleGetPrimaryDomainInformation (40) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3F73->72F21F3D
Function netapi32.dll:DsRoleIfmHandleFree (41) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3F9C->72F23539
Function netapi32.dll:DsRoleServerSaveStateForUpgrade (42) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3FB7->72F235C9
Function netapi32.dll:DsRoleUpgradeDownlevelServer (43) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC3FDE->72F24261
Function netapi32.dll:DsValidateSubnetNameA (44) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4002->72D55AF9
Function netapi32.dll:DsValidateSubnetNameW (45) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4021->72D549E1
Function netapi32.dll:I_BrowserDebugCall (46) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4040->72F124A9
Function netapi32.dll:I_BrowserDebugTrace (47) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC405B->72F12581
Function netapi32.dll:I_BrowserQueryEmulatedDomains (48) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4077->72F129F9
Function netapi32.dll:I_BrowserQueryOtherDomains (49) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC409D->72F122C1
Function netapi32.dll:I_BrowserQueryStatistics (50) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC40C0->72F12651
Function netapi32.dll:I_BrowserResetNetlogonState (51) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC40E1->72F123D1
Function netapi32.dll:I_BrowserResetStatistics (52) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4105->72F12729
Function netapi32.dll:I_BrowserServerEnum (53) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4126->72F120BF
Function netapi32.dll:I_BrowserSetNetlogonState (54) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4142->72F12919
Function netapi32.dll:I_DsUpdateReadOnlyServerDnsRecords (55) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4164->72D55569
Function netapi32.dll:I_NetAccountDeltas (56) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4190->72D563AB
Function netapi32.dll:I_NetAccountSync (57) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC41AC->72D563AB
Function netapi32.dll:I_NetChainSetClientAttributes (59) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC41C6->72D56FA6
Function netapi32.dll:I_NetChainSetClientAttributes2 (58) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC41ED->72D57029
Function netapi32.dll:I_NetDatabaseDeltas (60) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4215->72D56391
Function netapi32.dll:I_NetDatabaseRedo (61) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4232->72D56521
Function netapi32.dll:I_NetDatabaseSync (63) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC424D->72D56391
Function netapi32.dll:I_NetDatabaseSync2 (62) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4268->72D5639E
Function netapi32.dll:I_NetDfsGetVersion (64) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4284->73D97CA1
Function netapi32.dll:I_NetDfsIsThisADomainName (65) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC429E->72ED4E39
Function netapi32.dll:I_NetGetDCList (66) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC42BF->72D55D9C
Function netapi32.dll:I_NetGetForestTrustInformation (67) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC42D7->72D56EF1
Function netapi32.dll:I_NetLogonControl (69) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC42FF->72D563B8
Function netapi32.dll:I_NetLogonControl2 (68) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC431A->72D56439
Function netapi32.dll:I_NetLogonGetDomainInfo (70) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4336->72D464A4
Function netapi32.dll:I_NetLogonSamLogoff (71) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4357->72D56091
Function netapi32.dll:I_NetLogonSamLogon (72) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4374->72D55F39
Function netapi32.dll:I_NetLogonSamLogonEx (73) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4390->72D55FE1
Function netapi32.dll:I_NetLogonSamLogonWithFlags (74) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC43AE->72D4B22A
Function netapi32.dll:I_NetLogonSendToSam (75) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC43D3->72D56111
Function netapi32.dll:I_NetLogonUasLogoff (76) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC43F0->72D55EC9
Function netapi32.dll:I_NetLogonUasLogon (77) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC440D->72D55E53
Function netapi32.dll:I_NetServerAuthenticate (80) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4429->72D56191
Function netapi32.dll:I_NetServerAuthenticate2 (78) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC444A->72D56211
Function netapi32.dll:I_NetServerAuthenticate3 (79) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC446C->72D46393
Function netapi32.dll:I_NetServerGetTrustInfo (81) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC448E->72D56C61
Function netapi32.dll:I_NetServerPasswordGet (82) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC44AF->72D56B61
Function netapi32.dll:I_NetServerPasswordSet (84) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC44CF->72D56291
Function netapi32.dll:I_NetServerPasswordSet2 (83) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC44EF->72D56311
Function netapi32.dll:I_NetServerReqChallenge (85) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4510->72D46424
Function netapi32.dll:I_NetServerSetServiceBits (86) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4531->73D9426D
Function netapi32.dll:I_NetServerSetServiceBitsEx (87) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4552->73D96D11
Function netapi32.dll:I_NetServerTrustPasswordsGet (88) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4575->72D56BE1
Function netapi32.dll:I_NetlogonComputeClientDigest (89) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC459B->72D45C20
Function netapi32.dll:I_NetlogonComputeServerDigest (90) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC45C2->72D56AEC
Function netapi32.dll:NetAddAlternateComputerName (97) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC45E9->73D85B21
Function netapi32.dll:NetAddServiceAccount (98) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC460C->72D570B1
Function netapi32.dll:NetApiBufferAllocate (101) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC462A->73DB1415
Function netapi32.dll:NetApiBufferFree (102) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4648->73DB13D2
Function netapi32.dll:NetApiBufferReallocate (103) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4662->73DB3729
Function netapi32.dll:NetApiBufferSize (104) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4682->73DB3771
Function netapi32.dll:NetBrowserStatisticsGet (108) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC469C->72F12801
Function netapi32.dll:NetConnectionEnum (112) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC46BC->73D95521
Function netapi32.dll:NetDfsAdd (113) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC46D5->72ED78FD
Function netapi32.dll:NetDfsAddFtRoot (114) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC46E6->72ED6859
Function netapi32.dll:NetDfsAddRootTarget (115) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC46FD->72ED7401
Function netapi32.dll:NetDfsAddStdRoot (116) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4718->72ED2B1E
Function netapi32.dll:NetDfsAddStdRootForced (117) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4730->72ED2BB1
Function netapi32.dll:NetDfsEnum (118) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC474E->72ED70F9
Function netapi32.dll:NetDfsGetClientInfo (119) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4760->72ED3F25
Function netapi32.dll:NetDfsGetDcAddress (120) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC477B->72ED2C51
Function netapi32.dll:NetDfsGetFtContainerSecurity (121) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4795->72ED5363
Function netapi32.dll:NetDfsGetInfo (122) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC47B9->72ED2D69
Function netapi32.dll:NetDfsGetSecurity (123) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC47CE->72ED7741
Function netapi32.dll:NetDfsGetStdContainerSecurity (124) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC47E7->72ED3AD5
Function netapi32.dll:NetDfsGetSupportedNamespaceVersion (125) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC480C->72ED5C19
Function netapi32.dll:NetDfsManagerGetConfigInfo (126) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4836->72ED2E9C
Function netapi32.dll:NetDfsManagerInitialize (127) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4858->72ED2F91
Function netapi32.dll:NetDfsManagerSendSiteInfo (128) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4877->72ED72C5
Function netapi32.dll:NetDfsMove (129) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4898->72ED5651
Function netapi32.dll:NetDfsRemove (130) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC48AA->72ED7A19
Function netapi32.dll:NetDfsRemoveFtRoot (131) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC48BE->72ED6A99
Function netapi32.dll:NetDfsRemoveFtRootForced (132) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC48D8->72ED6BE5
Function netapi32.dll:NetDfsRemoveRootTarget (133) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC48F8->72ED5879
Function netapi32.dll:NetDfsRemoveStdRoot (134) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4916->72ED2CE1
Function netapi32.dll:NetDfsRename (135) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4931->72ED2E91
Function netapi32.dll:NetDfsSetClientInfo (136) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4945->72ED4301
Function netapi32.dll:NetDfsSetFtContainerSecurity (137) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4960->72ED53AF
Function netapi32.dll:NetDfsSetInfo (138) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4984->72ED6D8B
Function netapi32.dll:NetDfsSetSecurity (139) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4999->72ED7822
Function netapi32.dll:NetDfsSetStdContainerSecurity (140) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC49B2->72ED3B24
Function netapi32.dll:NetEnumerateComputerNames (141) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC49D7->73D85E39
Function netapi32.dll:NetEnumerateServiceAccounts (142) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC49F8->72D57199
Function netapi32.dll:NetEnumerateTrustedDomains (143) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4A1D->72D5652E
Function netapi32.dll:NetFileClose (147) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4A41->73D95659
Function netapi32.dll:NetFileEnum (148) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4A55->73D95729
Function netapi32.dll:NetFileGetInfo (149) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4A68->73D95859
Function netapi32.dll:NetGetAnyDCName (150) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4A7E->72D5496D
Function netapi32.dll:NetGetDCName (151) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4A97->72D55913
Function netapi32.dll:NetGetDisplayInformationIndex (152) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4AAD->73094117
Function netapi32.dll:NetGetJoinInformation (153) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4AD2->73D82DC7
Function netapi32.dll:NetGetJoinableOUs (154) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4AEF->73D859D1
Function netapi32.dll:NetGroupAdd (155) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B08->730971C3
Function netapi32.dll:NetGroupAddUser (156) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B1B->730973AD
Function netapi32.dll:NetGroupDel (157) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B32->730973CB
Function netapi32.dll:NetGroupDelUser (158) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B45->730973EB
Function netapi32.dll:NetGroupEnum (159) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B5C->73097409
Function netapi32.dll:NetGroupGetInfo (160) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B70->730978C8
Function netapi32.dll:NetGroupGetUsers (161) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B87->73097952
Function netapi32.dll:NetGroupSetInfo (162) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4B9F->73097C02
Function netapi32.dll:NetGroupSetUsers (163) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4BB6->73097DAE
Function netapi32.dll:NetIsServiceAccount (164) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4BCE->72D572D9
Function netapi32.dll:NetJoinDomain (165) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4BEB->73D854B9
Function netapi32.dll:NetLocalGroupAdd (166) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4C00->7309875A
Function netapi32.dll:NetLocalGroupAddMember (167) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4C18->73098886
Function netapi32.dll:NetLocalGroupAddMembers (168) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4C36->73098E99
Function netapi32.dll:NetLocalGroupDel (169) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4C55->730988A4
Function netapi32.dll:NetLocalGroupDelMember (170) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4C6D->73098928
Function netapi32.dll:NetLocalGroupDelMembers (171) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4C8B->73098EBD
Function netapi32.dll:NetLocalGroupEnum (172) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4CAA->73098946
Function netapi32.dll:NetLocalGroupGetInfo (173) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4CC3->73098CE4
Function netapi32.dll:NetLocalGroupGetMembers (174) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4CDF->73092265
Function netapi32.dll:NetLocalGroupSetInfo (175) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4CFE->73098D57
Function netapi32.dll:NetLocalGroupSetMembers (176) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4D1A->73098E75
Function netapi32.dll:NetLogonGetTimeServiceParentDomain (177) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4D39->72D56CE9
Function netapi32.dll:NetLogonSetServiceBits (178) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4D65->72D4603C
Function netapi32.dll:NetProvisionComputerAccount (184) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4D85->72D2F2D3
Function netapi32.dll:NetQueryDisplayInformation (185) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4DA9->73093D87
Function netapi32.dll:NetQueryServiceAccount (186) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4DCB->72D57249
Function netapi32.dll:NetRemoteComputerSupports (188) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4DEB->73DB2160
Function netapi32.dll:NetRemoteTOD (189) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4E0E->73D96C11
Function netapi32.dll:NetRemoveAlternateComputerName (190) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4E22->73D85C29
Function netapi32.dll:NetRemoveServiceAccount (191) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4E48->72D57129
Function netapi32.dll:NetRenameMachineInDomain (192) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4E69->73D85751
Function netapi32.dll:NetRequestOfflineDomainJoin (208) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4E89->72D2B52F
Function netapi32.dll:NetScheduleJobAdd (209) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4EAD->72EC19D1
Function netapi32.dll:NetScheduleJobDel (210) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4EC8->72EC1AC9
Function netapi32.dll:NetScheduleJobEnum (211) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4EE3->72EC1BC1
Function netapi32.dll:NetScheduleJobGetInfo (212) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4EFF->72EC1CE1
Function netapi32.dll:NetServerAliasAdd (213) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4F1E->73D97843
Function netapi32.dll:NetServerAliasDel (214) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4F37->73D97A79
Function netapi32.dll:NetServerAliasEnum (215) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4F50->73D97931
Function netapi32.dll:NetServerComputerNameAdd (216) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4F6A->73D97411
Function netapi32.dll:NetServerComputerNameDel (217) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4F8A->73D976FB
Function netapi32.dll:NetServerDiskEnum (218) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4FAA->73D96559
Function netapi32.dll:NetServerEnum (219) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4FC3->72F12F61
Function netapi32.dll:NetServerEnumEx (220) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4FD9->72F12C5F
Function netapi32.dll:NetServerGetInfo (221) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC4FF1->73D93CFA
Function netapi32.dll:NetServerSetInfo (222) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5009->73D96681
Function netapi32.dll:NetServerTransportAdd (223) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5021->73D96851
Function netapi32.dll:NetServerTransportAddEx (224) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC503E->73D97329
Function netapi32.dll:NetServerTransportDel (225) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC505D->73D96A01
Function netapi32.dll:NetServerTransportEnum (226) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC507A->73D96AD9
Function netapi32.dll:NetSessionDel (231) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5098->73D95941
Function netapi32.dll:NetSessionEnum (232) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC50AD->73D95A11
Function netapi32.dll:NetSessionGetInfo (233) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC50C3->73D95B41
Function netapi32.dll:NetSetPrimaryComputerName (234) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC50DC->73D85D31
Function netapi32.dll:NetShareAdd (235) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC50FD->73D95C81
Function netapi32.dll:NetShareCheck (236) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5110->73D95E91
Function netapi32.dll:NetShareDel (237) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5125->73D95F81
Function netapi32.dll:NetShareDelEx (238) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5138->73D97B61
Function netapi32.dll:NetShareDelSticky (239) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC514D->73D960D1
Function netapi32.dll:NetShareEnum (240) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5166->73D93F91
Function netapi32.dll:NetShareEnumSticky (241) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC517A->73D961C9
Function netapi32.dll:NetShareGetInfo (242) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5194->73D9433F
Function netapi32.dll:NetShareSetInfo (243) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC51AB->73D96341
Function netapi32.dll:NetUnjoinDomain (245) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC51C2->73D85641
Function netapi32.dll:NetUseAdd (247) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC51D9->73D83693
Function netapi32.dll:NetUseDel (248) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC51EA->73D85FA9
Function netapi32.dll:NetUseEnum (249) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC51FB->73D83184
Function netapi32.dll:NetUseGetInfo (250) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC520D->73D86039
Function netapi32.dll:NetUserAdd (251) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5222->7309464F
Function netapi32.dll:NetUserChangePassword (252) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5234->73095A06
Function netapi32.dll:NetUserDel (253) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5251->73094826
Function netapi32.dll:NetUserEnum (254) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5263->730949D6
Function netapi32.dll:NetUserGetGroups (255) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5276->73094E01
Function netapi32.dll:NetUserGetInfo (256) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC528E->73091C60
Function netapi32.dll:NetUserGetLocalGroups (257) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC52A4->73092875
Function netapi32.dll:NetUserModalsGet (258) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC52C1->7309206B
Function netapi32.dll:NetUserModalsSet (259) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC52D9->730954AA
Function netapi32.dll:NetUserSetGroups (260) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC52F1->73095095
Function netapi32.dll:NetUserSetInfo (261) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5309->73094D1D
Function netapi32.dll:NetValidateName (262) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC531F->73D85859
Function netapi32.dll:NetValidatePasswordPolicy (263) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5336->73099967
Function netapi32.dll:NetValidatePasswordPolicyFree (264) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5357->73099B6B
Function netapi32.dll:NetWkstaTransportAdd (267) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC537C->73D84E45
Function netapi32.dll:NetWkstaTransportDel (268) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5398->73D84F21
Function netapi32.dll:NetWkstaTransportEnum (269) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC53B4->73D84CF9
Function netapi32.dll:NetWkstaUserEnum (270) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC53D1->73D84AD1
Function netapi32.dll:NetWkstaUserGetInfo (271) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC53E9->73D83280
Function netapi32.dll:NetWkstaUserSetInfo (272) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5404->73D84C15
Function netapi32.dll:NetapipBufferAllocate (273) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC541F->73DB37AA
Function netapi32.dll:NetpIsRemote (289) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC543E->73DB382D
Function netapi32.dll:NetpwNameCanonicalize (296) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5454->73DB1C30
Function netapi32.dll:NetpwNameCompare (297) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5473->73DB1F2E
Function netapi32.dll:NetpwNameValidate (298) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC548D->73DB1990
Function netapi32.dll:NetpwPathCanonicalize (299) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC54A8->73DB275D
Function netapi32.dll:NetpwPathCompare (300) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC54C7->73DB4086
Function netapi32.dll:NetpwPathType (301) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC54E1->73DB2533
Function netapi32.dll:NlBindingAddServerToCache (302) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC54F8->72D461F8
Function netapi32.dll:NlBindingRemoveServerFromCache (303) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC551B->72D45D67
Function netapi32.dll:NlBindingSetAuthInfo (304) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5543->72D46198
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
Number of processes found: 11
Number of modules loaded: 201
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\Windows\SysWOW64\guard32.dll"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: Schedule (Agendador de Tarefas)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
>> Process termination timeout is out of admissible values
>> Service termination timeout is out of admissible values
>> Timeout of "Not Responding" verdict for processes is out of admissible values
Checking - complete
Files scanned: 212, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 17/07/2010 10:57:48
Time of scanning: 00:00:21
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference



Help me, please.
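A small triage parser for the "intercepted" lines of an AVZ 4.x log like the one above, added here as an example (it is not code from AVZ or from anyone in this thread). It extracts each hooked export with the address AVZ printed and buckets the targets by address region, so they can be compared with the load addresses of the modules in the affected process; the sample log text and the 1 MiB region size are constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the format of the AVZ log posted above (not a real capture).
SAMPLE_LOG = r"""1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:CopyFileA (114) intercepted, method - APICodeHijack.JmpTo[10025B56]
Function kernel32.dll:CreateFileA (138) intercepted, method - APICodeHijack.JmpTo[10025B96]
Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:NetShareEnum (240) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5166->73D93F91
Function netapi32.dll:NetUserEnum (254) intercepted, method - ProcAddressHijack.GetProcAddress ->73DC5263->730949D6
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\Windows\SysWOW64\guard32.dll"
Checking - complete
"""

# One regex for both hook styles AVZ prints:
#   APICodeHijack.JmpTo[ADDR]                      -> jump patched into the export's code
#   ProcAddressHijack.GetProcAddress ->A->B         -> chain of addresses AVZ compared
HOOK_RE = re.compile(
    r"^Function (?P<module>[^:\s]+):(?P<func>\w+) \((?P<ordinal>\d+)\) intercepted, "
    r"method - (?P<method>APICodeHijack\.JmpTo|ProcAddressHijack\.GetProcAddress)"
    r"(?:\[(?P<jmp>[0-9A-Fa-f]+)\]| ->(?P<chain>[0-9A-Fa-f]+(?:->[0-9A-Fa-f]+)+))$"
)
APPINIT_RE = re.compile(r'AppInit_DLLs suspected: "(?P<path>[^"]+)"')


@dataclass(frozen=True)
class Hook:
    module: str
    function: str
    ordinal: int
    method: str
    target: int          # last address AVZ printed; treated here as where control ends up
    via: tuple = ()      # earlier addresses of a GetProcAddress chain, if any


def parse_avz_log(text):
    """Return (hooks, appinit_dlls) found in the user-mode hook and heuristic sections."""
    hooks, appinit = [], []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            if m.group("jmp"):
                target, via = int(m.group("jmp"), 16), ()
            else:
                addrs = [int(a, 16) for a in m.group("chain").split("->")]
                target, via = addrs[-1], tuple(addrs[:-1])
            hooks.append(Hook(m.group("module").lower(), m.group("func"),
                              int(m.group("ordinal")), m.group("method"), target, via))
            continue
        a = APPINIT_RE.search(line)
        if a:
            appinit.append(a.group("path"))
    return hooks, appinit


def group_by_region(hooks, region_bits=20):
    """Bucket hook targets by 2**region_bits-byte address region (1 MiB by default).

    Hooks whose targets fall in one region usually point into the same loaded
    module; the region base can be matched against a module list from the process.
    """
    buckets = defaultdict(list)
    for h in hooks:
        base = (h.target >> region_bits) << region_bits
        buckets[base].append(f"{h.module}:{h.function}")
    return dict(buckets)


def report(text, region_bits=20):
    """Human-readable triage summary of an AVZ log fragment."""
    hooks, appinit = parse_avz_log(text)
    lines = [f"intercepted exports: {len(hooks)}, AppInit_DLLs entries: {len(appinit)}"]
    for base, names in sorted(group_by_region(hooks, region_bits).items()):
        end = base + (1 << region_bits) - 1
        lines.append(f"  targets in 0x{base:08X}-0x{end:08X}: {len(names)} export(s): "
                     + ", ".join(names))
    for path in appinit:
        lines.append(f"  AppInit_DLLs load: {path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against a full AVZ log, the region list shows whether the hooks all land in one module region (then one loaded DLL, such as the AppInit_DLLs entry, explains them) or are scattered, which is what decides whether deeper investigation is needed.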
igoreso
igoreso Super Participant Registered
704 Messages 22 Likes
#2 By igoreso
17/07/2010 - 18:51
Download OTL and save it to your Desktop:
http://oldtimer.geekstogo.com/OTL.exe

Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges. To do so:
Right-click the file and then click

Leave the main screen configured as in the figure below:
http://i43.tinypic.com/npp3qe.jpg
Select these lines in the code box, right-click the selection and choose Copy:
netsvcs
msconfig
drivers32/all
safebootminimal
safebootnetwork
CREATERESTOREPOINT
%SYSTEMDRIVE%\*.* /90 /s
%systemroot%\*. /mp /s
%SystemDrive%\$recycle.bin\*.* /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\Tasks\*.job /90
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\*.exe
%systemroot%\system32\config\*.dll
%systemroot%\system32\config\*.exe
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\Internet Explorer\*.* /90
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Update\*.*
%PROGRAMFILES%\*.*
%Temp%\*.exe
%Temp%\*.dll
%UserProfile%\*.dll
%UserProfile%\*.sys
%UserProfile%\*.exe
%windir%\Fonts\*.dll
%windir%\Fonts\*.sys
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%windir%\Fonts\*.exe
%AppData%\*.exe
%AppData%\*.dll
%AppData%\*.sys
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2 /rs

Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose Paste.
Click the Run Scan button.
Do not change any other setting unless you have been instructed to do so.
The scan takes a while; be patient.

When it finishes, two logs will be generated: OTL.txt and Extras.txt.
Post both logs in your next reply; do not delete OTL.
I don't answer questions by PM, e-mail or MSN! Use the forum!

WehaveallGHD
WehaveallGHD New Member Registered
20 Messages 0 Likes
#3 By WehaveallGHD
17/07/2010 - 19:37
Man, first of all, thank you very much for your help. I await your diagnosis. Thanks.

First, the Extras.


OTL Extras logfile created on: 17/07/2010 18:58:48 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Valjean\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,16 Gb Total Space | 18,49 Gb Free Space | 46,04% Space Free | Partition Type: NTFS
Drive D: | 78,90 Gb Total Space | 46,55 Gb Free Space | 59,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK
Current User Name: Valjean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Software Intel(R) PROSet/Wireless WiFi
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{5C98193B-C038-473D-83E5-EA6E5591267B}" = Foxit PDF IFilter
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0416-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Atualização de Driver do Windows Mobile Device Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"GIMP-2_is1" = GIMP 2.7.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.7.0
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AD0DE47-F69A-425B-AFD8-EC3E8674F180}" = iSiloX
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Rename4u
"{1CEE6451-4174-4343-ABD2-02957C3D11A9}" = iSilo
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{92F8DFD1-2EE7-4316-BBD9-74E51E3D3BD2}" = ResophNotes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Replace Tools" = Advanced Replace Tools (remove only)
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Comodo TrustConnect™_is1" = Comodo TrustConnect™ v.1.7.1
"Dicionário eletrônico Houaiss da língua portuguesa_is1" = Dicionário eletrônico Houaiss 3.0
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.0
"Gizmo Central" = Gizmo Central
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IObit Security 360_is1" = IObit Security 360
"IPShifter_is1" = IPShifter 2.3
"KWorld RC Utility_is1" = KWorld Multimedia -- RC Utility Utilities
"KWorld USB PVR-TV Driver_is1" = KWorld USB PVR-TV Driver
"magisterdv" = Remover DVD Magister ...
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Rainlendar2" = Rainlendar2 (remove only)
"Replay_Media_Splitter_1.2" = WM Splitter 1.7.1004
"Revo Uninstaller" = Revo Uninstaller 1.89
"ShortKeys 3" = ShortKeys 3
"Simple PDF Merger_is1" = Simple PDF Merger 1.0
"TomTom HOME" = TomTom HOME 2.7.4.1962
"WinPcapInst" = WinPcap 4.1.1
"Winstep Xtreme_is1" = Nexus 10.6
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.41
"WM Capture" = WM Capture

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WM Recorder 14" = WM Recorder 14

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/07/2010 21:15:21 | Computer Name = Notebook | Source = Microsoft-Windows-LoadPerf | ID = 3016
Description = Não é possível atualizar o valor Last Help da chave SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance.
O primeiro DWORD da seção de dados contém o código de erro e o segundo contém o
valor atualizado.

Error - 14/07/2010 21:15:21 | Computer Name = Notebook | Source = Microsoft-Windows-LoadPerf | ID = 3016
Description = Não é possível atualizar o valor First Counter da chave SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance.
O primeiro DWORD da seção de dados contém o código de erro e o segundo contém o
valor atualizado.

Error - 14/07/2010 21:15:21 | Computer Name = Notebook | Source = Microsoft-Windows-LoadPerf | ID = 3016
Description = Não é possível atualizar o valor First Help da chave SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance.
O primeiro DWORD da seção de dados contém o código de erro e o segundo contém o
valor atualizado.

Error - 14/07/2010 21:15:21 | Computer Name = Notebook | Source = Microsoft-Windows-LoadPerf | ID = 3016
Description = Não é possível atualizar o valor Object List da chave SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance.
O primeiro DWORD da seção de dados contém o código de erro e o segundo contém o
valor atualizado.

Error - 15/07/2010 11:46:22 | Computer Name = Notebook | Source = MsiInstaller | ID = 11713
Description =

Error - 15/07/2010 11:46:45 | Computer Name = Notebook | Source = MsiInstaller | ID = 11713
Description =

Error - 15/07/2010 16:04:56 | Computer Name = Notebook | Source = pctsSvc.exe | ID = 0
Description =

Error - 15/07/2010 19:10:36 | Computer Name = Notebook | Source = Application Hang | ID = 1002
Description = O programa Core Temp.exe versão 0.99.7.3 parou de interagir com o
Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 80c Hora de Início: 01cb2469efb9ad31 Hora de Término: 23 Caminho do Aplicativo:
C:\Program Files (x86)\Coretemp\Core Temp.exe Id do Relatório:

Error - 15/07/2010 19:22:15 | Computer Name = Notebook | Source = Application Hang | ID = 1002
Description = O programa Core Temp.exe versão 0.99.7.3 parou de interagir com o
Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 5a0 Hora de Início: 01cb247465cef892 Hora de Término: 14 Caminho do Aplicativo:
C:\Program Files (x86)\Coretemp\Core Temp.exe Id do Relatório:

Error - 16/07/2010 22:18:08 | Computer Name = Notebook | Source = MsiInstaller | ID = 1013
Description =

[ Media Center Events ]
Error - 01/07/2010 10:18:19 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 11:18:18 - Erro ao estabelecer conexão com a Internet. 11:18:18 -
Não foi possível contatar o servidor..

Error - 01/07/2010 11:19:51 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 12:19:51 - Erro ao estabelecer conexão com a Internet. 12:19:51 -
Não foi possível contatar o servidor..

Error - 01/07/2010 11:21:21 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 12:21:20 - Erro ao estabelecer conexão com a Internet. 12:21:20 -
Não foi possível contatar o servidor..

Error - 01/07/2010 12:23:35 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 13:23:35 - Erro ao estabelecer conexão com a Internet. 13:23:35 -
Não foi possível contatar o servidor..

Error - 01/07/2010 12:25:48 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 13:25:46 - Erro ao estabelecer conexão com a Internet. 13:25:46 -
Não foi possível contatar o servidor..

Error - 16/12/2011 15:52:59 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 17:52:55 - Erro ao estabelecer conexão com a Internet. 17:52:56 -
Não foi possível contatar o servidor..

Error - 15/07/2010 12:35:53 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 13:35:52 - Erro ao estabelecer conexão com a Internet. 13:35:52 -
Não foi possível contatar o servidor..

Error - 15/07/2010 12:37:06 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 13:36:45 - Erro ao estabelecer conexão com a Internet. 13:36:45 -
Não foi possível contatar o servidor..

Error - 15/07/2010 13:38:42 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 14:38:42 - Erro ao estabelecer conexão com a Internet. 14:38:42 -
Não foi possível contatar o servidor..

Error - 15/07/2010 13:39:55 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 14:39:50 - Erro ao estabelecer conexão com a Internet. 14:39:50 -
Não foi possível contatar o servidor..

[ System Events ]
Error - 29/04/2010 17:09:58 | Computer Name = Notebook | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço lxdxCATSCustConnectService.

Error - 29/04/2010 17:09:58 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço lxdxCATSCustConnectService devido
ao seguinte erro: %%1053

Error - 29/04/2010 17:59:39 | Computer Name = Notebook | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço lxdxCATSCustConnectService.

Error - 29/04/2010 17:59:39 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço lxdxCATSCustConnectService devido
ao seguinte erro: %%1053

Error - 30/04/2010 08:16:16 | Computer Name = Notebook | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço lxdxCATSCustConnectService.

Error - 30/04/2010 08:16:16 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço lxdxCATSCustConnectService devido
ao seguinte erro: %%1053

Error - 30/04/2010 11:44:08 | Computer Name = Notebook | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço lxdxCATSCustConnectService.

Error - 30/04/2010 11:44:08 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço lxdxCATSCustConnectService devido
ao seguinte erro: %%1053

Error - 30/04/2010 21:33:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço lxdxCATSCustConnectService.

Error - 30/04/2010 21:33:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço lxdxCATSCustConnectService devido
ao seguinte erro: %%1053


< End of report >

The OTL log came out at 2.8 MB; I can't send it through here. I'll try uploading it to Rapidshare.
igoreso Super Participant Registered
704 Messages 22 Likes
#9 By igoreso
17/07/2010 - 20:46
-- STEP 1 --
Go to VirusTotal.com
http://www.virustotal.com/pt

Copy this path, in red, and paste it next to the
Browse button
C:\Windows\SysNative\drivers\VSTDPV6.SYS
C:\Windows\SysNative\drivers\VSTCNXT6.SYS
C:\Windows\SysNative\drivers\VSTAZL6.SYS
C:\Windows\SysNative\drivers\cxcir64.sys
C:\Windows\SysNative\Drivers\vde2mjk5.sys
C:\Windows\SysNative\Drivers\uze2mjk5.sys
C:\Windows\SysNative\drivers\b57nd60a.sys

Then click
Send File

Wait for the analysis, then copy the result and paste it into your reply.

-- STEP 2 --
Download avz4.zip here
# Unzip it to your desktop into a folder named avz4
# Double-click AVZ.exe to run it.
# Run an update by clicking the automatic update button at the right of the log window
Click Start to begin the update
Note: If you get an error message, choose a different source and click Start again
# Start AVZ.
# From the menu choose "File" => "Standard scripts" and tick the checkbox "Advanced System Analysis with malware removal mode enabled".
# Click "Execute selected scripts".
# A system check and scan, with automatic cleaning, will run.
# A log file (avz_sysinfo.htm) will be created and saved in the LOG folder of the AVZ directory as virusinfo_syscure.zip.
# You must reboot the computer, because AVZ may disrupt some programs (such as antivirus and firewall) during the system scan.
# All applications will work correctly after the system restarts.
Restart AVZ
# Start AVZ.
# From the menu choose "File" => "Standard scripts" and tick the checkbox "Advanced System Analysis".
# Click "Execute selected scripts".
# A system check will run automatically, and the log file created (avz_sysinfo.htm) will be saved in the LOG folder of the AVZ directory as virusinfo_syscheck.zip.
Attach virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post
I don't answer questions by PM, e-mail or MSN! Use the forum!
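An added example, not part of igoreso's instructions or of any of the tools named in the thread: a PowerShell snippet that does the local half of step 1 for the listed drivers (presence, SHA-256 for a VirusTotal hash lookup, Authenticode status and signer) and also reports the kernel service each file is registered under, so a service whose binary is missing stands out. It assumes PowerShell 4 or later (for Get-FileHash) in an elevated 64-bit session, which is why the real System32 path replaces the SysNative alias (SysNative only exists for 32-bit processes).

```powershell
# Added example, not code from the thread or from AVZ/OTL/VirusTotal.
# Assumes PowerShell 4+ (Get-FileHash) in an elevated 64-bit session.
$driverPaths = @(
    'C:\Windows\System32\drivers\VSTDPV6.SYS',
    'C:\Windows\System32\drivers\VSTCNXT6.SYS',
    'C:\Windows\System32\drivers\VSTAZL6.SYS',
    'C:\Windows\System32\drivers\cxcir64.sys',
    'C:\Windows\System32\drivers\vde2mjk5.sys',
    'C:\Windows\System32\drivers\uze2mjk5.sys',
    'C:\Windows\System32\drivers\b57nd60a.sys'
)

function Get-DriverTriage {
    # One row per path: presence, SHA-256, Authenticode status/signer,
    # last write time, and the service key that points at the file.
    param([string[]]$Path)

    # Service names need not match file names (OTL shows cxcir64.sys
    # registered as CXIR), so match on the ImagePath leaf instead.
    $services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue }

    foreach ($p in $Path) {
        $leaf = Split-Path -Path $p -Leaf
        $svc  = $services | Where-Object {
            $_.ImagePath -and ($_.ImagePath -match ('\\' + [regex]::Escape($leaf) + '$'))
        } | Select-Object -First 1
        if (-not $svc) {
            # Drivers with no ImagePath default to System32\drivers\<service>.sys,
            # so fall back to a key named after the file.
            $svc = $services | Where-Object {
                $_.PSChildName -eq [IO.Path]::GetFileNameWithoutExtension($leaf)
            } | Select-Object -First 1
        }

        $row = [ordered]@{
            Path      = $p
            Exists    = Test-Path -LiteralPath $p
            SHA256    = $null
            Signature = $null
            Signer    = $null
            Modified  = $null
            Service   = if ($svc) { $svc.PSChildName } else { $null }
            SvcStart  = if ($svc) { $svc.Start } else { $null }  # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            SvcImage  = if ($svc) { $svc.ImagePath } else { $null }
        }
        if ($row.Exists) {
            $sig = Get-AuthenticodeSignature -FilePath $p
            $row.SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            $row.Signature = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            $row.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            $row.Modified  = (Get-Item -LiteralPath $p).LastWriteTime
        }
        [pscustomobject]$row
    }
}

$report = Get-DriverTriage -Path $driverPaths
$report | Format-Table Path, Exists, Signature, Service, SvcStart, Modified -AutoSize

# Rows worth a second look: a registered service whose binary is missing, or a
# present file whose signature is anything other than Valid. The SHA256 column
# lets you search VirusTotal for an existing report before uploading the file.
$report | Where-Object {
    ($_.Service -and -not $_.Exists) -or ($_.Exists -and $_.Signature -ne 'Valid')
} | Format-List Path, SHA256, Signature, Signer, Service, SvcImage
```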

WehaveallGHD New Member Registered
20 Messages 0 Likes
#10 By WehaveallGHD
17/07/2010 - 21:03
Analysis of the first file

http://www.virustotal.com/pt/analisis/fea4debaec3465e0c7c1e8b721805922f6bbcb96a60a193b11688f4252f4b89e-1266024906



http://www.virustotal.com/pt/analisis/0138a68958112101a5d3bd94114f320ce80b0c9a93e009ac78de7415fccc7de7-1266024843

http://www.virustotal.com/pt/analisis/63376322bffaff2f166af3fdd3f1a346c21fae21f406f659f8630779d1d6525d-1266024541



Antivírus             Versão           Última Atualização  Resultado
a-squared             5.0.0.31         2010.07.17          -
AhnLab-V3             2010.07.17.00    2010.07.16          -
AntiVir               8.2.4.12         2010.07.16          -
Antiy-AVL             2.0.3.7          2010.07.15          -
Authentium            5.2.0.5          2010.07.17          -
Avast                 4.8.1351.0       2010.07.17          -
Avast5                5.0.332.0        2010.07.17          -
AVG                   9.0.0.836        2010.07.17          -
BitDefender           7.2              2010.07.18          -
CAT-QuickHeal         11.00            2010.07.16          -
ClamAV                0.96.0.3-git     2010.07.17          -
Comodo                5460             2010.07.17          -
DrWeb                 5.0.2.03300      2010.07.18          -
eSafe                 7.0.17.0         2010.07.15          -
eTrust-Vet            36.1.7715        2010.07.16          -
F-Prot                4.6.1.107        2010.07.17          -
F-Secure              9.0.15370.0      2010.07.17          -
Fortinet              4.1.143.0        2010.07.17          -
GData                 21               2010.07.18          -
Ikarus                T3.1.1.84.0      2010.07.17          -
Jiangmin              13.0.900         2010.07.17          -
Kaspersky             7.0.0.125        2010.07.17          -
McAfee                5.400.0.1158     2010.07.18          -
McAfee-GW-Edition     2010.1           2010.07.16          -
Microsoft             1.6004           2010.07.17          -
NOD32                 5287             2010.07.17          -
Norman                6.05.11          2010.07.17          -
nProtect              2010-07-17.02    2010.07.17          -
Panda                 10.0.2.7         2010.07.17          -
PCTools               7.0.3.5          2010.07.18          -
Rising                22.56.04.04      2010.07.16          -
Sophos                4.55.0           2010.07.17          -
Sunbelt               6599             2010.07.18          -
SUPERAntiSpyware      4.40.0.1006      2010.07.17          -
Symantec              20101.1.1.7      2010.07.18          -
TheHacker             6.5.2.1.318      2010.07.16          -
TrendMicro            9.120.0.1004     2010.07.17          -
TrendMicro-HouseCall  9.120.0.1004     2010.07.18          -
VBA32                 3.12.12.6        2010.07.16          -
ViRobot               2010.7.12.3932   2010.07.17          -
VirusBuster           5.0.27.0         2010.07.17          -

Informações adicionais
File size: 44544 bytes
MD5...: dfc6c2be93b3a6e04ce051b9e89abb03
SHA1..: 75731b96a467b6f2e5d9e75521cfffa25836b743
SHA256: 6f477355373f700c9d9a8f1d942444ccab8ba5f5416962feb644b922f9ae10e4
ssdeep: 768:UAb4yPrkn6gC8/qPRKPRfxgLbFQrzMz4JmDht:UyDW/qPRK0nFoPJS
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd008
timedatestamp.....: 0x49f05e4b (Thu Apr 23 12:25:47 2009)
machinetype.......: 0x8664 (AMD64)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x860b 0x8800 5.30 53b3e7dc0c66108532831a38994cefcf
.rdata 0xa000 0x804 0xa00 3.17 bc9e3319f2428d01b8131d9dd6f75cdb
.data 0xb000 0x20a 0x400 1.82 6a2a1bab1d8431dbd05674b7026401c2
.pdata 0xc000 0x6d8 0x800 3.77 59bf67f84a6b467c6995bbce9c07c87e
INIT 0xd000 0x534 0x600 4.59 f9d2a8889ec1fc636cc49fe3753ef02a
.rsrc 0xe000 0x3c0 0x400 3.23 da1b395d988243e5d34983907666377a
.reloc 0xf000 0xb0 0x200 0.65 528a9954bcd166e20af5199bcb0de6a9

( 3 imports )
> ntoskrnl.exe: KeWaitForSingleObject, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, KeReleaseSpinLock, KeAcquireSpinLockRaiseToDpc, RtlAnsiStringToUnicodeString, RtlInitUnicodeString, RtlInitAnsiString, RtlFreeUnicodeString, ZwQueryValueKey, ZwClose, IoOpenDeviceRegistryKey, ZwOpenKey, KeInitializeEvent, IofCompleteRequest, PoCallDriver, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeMutex, KeReleaseMutex, IoCancelIrp, IoFreeIrp, IoAllocateIrp, IoInitializeIrp, PsCreateSystemThread, PsTerminateSystemThread, ObReferenceObjectByHandle, _purecall, KeBugCheckEx, ExFreePool, KeClearEvent, KeSetEvent, PoStartNextPowerIrp, ExAllocatePoolWithTag
> USBD.SYS: USBD_ParseConfigurationDescriptorEx, USBD_CreateConfigurationRequestEx
> HIDCLASS.SYS: HidRegisterMinidriver

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Conexant Systems, Inc.
copyright....: Copyright _Conexant Systems, Inc. 2001
product......: cxcir.sys
description..: CXCIR.SYS: HID driver for IR Decoding
original name: CXCIR.SYS
internal name: CXCIR.SYS
file version.: 6.0.6001.18000 built by: WinDDK
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



-----------------------------------------------

For the 5th and 6th it said the files were not found!


-------------------------------------------------------------



http://www.virustotal.com/pt/analisis/1daa118d8ca3f97b34df3d3cda1c78eab2ed225699feabe89d331ae0cb7679fa-1265302653

I'll do the second step now and post afterwards.
igoreso Super Participant Registered
704 Messages 22 Likes
#11 By igoreso
17/07/2010 - 21:15
Download OTL and save it to your Desktop:
http://oldtimer.geekstogo.com/OTL.exe

Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges; to do that:
Right-click the file and then click

Leave the main screen configured as in the figure below:
http://i43.tinypic.com/npp3qe.jpg
Select these lines in the codebox, right-click the selection and choose Copy:
C:\Windows\SysNative\drivers\cxcir64.sys
C:\Windows\SysNative\Drivers\vde2mjk5.sys
C:\Windows\SysNative\Drivers\uze2mjk5.sys

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste
Click the Quick Scan button
Do not change any other settings unless you have been instructed to do so.
The scan takes a while; be patient.

When it finishes, two logs will be generated: OTL.txt
Post both logs in your next reply; do not delete OTL.

Follow Step 2 above.
I don't answer questions by PM, e-mail or MSN! Use the forum!

WehaveallGHD New Member Registered
20 Messages 0 Likes
#12 By WehaveallGHD
17/07/2010 - 21:25
Before posting the logs, just to let you know: I had tried step 2 before seeing your message and it gave the same error; now I'll try again after your last message.



OTL

OTL logfile created on: 17/07/2010 21:22:17 - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Valjean\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,16 Gb Total Space | 18,40 Gb Free Space | 45,81% Space Free | Partition Type: NTFS
Drive D: | 78,90 Gb Total Space | 46,56 Gb Free Space | 59,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK
Current User Name: Valjean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/17 18:53:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Valjean\Desktop\OTL.exe
PRC - [2010/07/11 06:42:46 | 002,199,040 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2010/07/10 00:36:22 | 008,858,163 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe
PRC - [2010/07/01 12:59:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/07 04:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/07/17 18:53:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Valjean\Desktop\OTL.exe
MOD - [2010/06/04 11:54:51 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2009/07/13 22:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009/07/13 22:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/04 11:48:25 | 002,348,600 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/04/10 17:25:46 | 000,342,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2010/03/09 23:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/08/19 09:30:59 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:64bit: - [2009/08/19 09:30:52 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV:64bit: - [2009/07/13 22:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 22:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 22:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 22:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe -- (IS360service)
SRV - [2010/05/07 09:36:10 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/01/28 16:55:12 | 000,031,856 | ---- | M] (Arainia Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2009/10/20 15:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/08/19 09:30:46 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\vde2mjk5.sys -- (vde2mjk5)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\uze2mjk5.sys -- (uze2mjk5)
DRV:64bit: - [2010/03/17 22:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Driver do adaptador Intel(R)
DRV:64bit: - [2010/03/10 18:23:48 | 000,300,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/09 23:56:02 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/25 20:51:04 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/14 10:13:14 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/11/25 12:19:02 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/11/24 21:43:10 | 000,416,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxpolar64.sys -- (CXPOLARIS)
DRV:64bit: - [2009/10/20 15:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/14 19:08:34 | 000,036,760 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/09 23:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/22 22:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 22:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 22:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 22:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 22:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 22:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 21:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/13 20:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 20:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 20:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 20:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 18:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 17:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Driver de adaptador Intel(R)
DRV:64bit: - [2009/06/10 17:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Driver do Intel(R)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/23 20:25:46 | 000,044,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cxcir64.sys -- (CXIR)
DRV:64bit: - [2008/09/18 16:03:00 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/06/03 08:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2006/11/17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2010/07/16 18:03:16 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\vde2mjk5.sys -- (vde2mjk5)
DRV - [2010/07/16 16:55:51 | 000,011,264 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\uze2mjk5.sys -- (uze2mjk5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 C0 A3 8C A3 23 CB 01 [binary data]
IE - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.11.5
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.9
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.69.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/01 12:59:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/15 12:34:21 | 000,000,000 | ---D | M]

[2010/01/28 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\mozilla\Extensions
[2010/01/28 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/07/17 20:40:13 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions
[2010/03/26 12:22:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/06 19:49:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 09:33:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 09:51:05 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/06/03 11:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2010/06/18 12:18:22 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/07/14 21:35:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/08 21:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/05/29 20:22:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/17 20:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/07/02 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\foxmarks@kei.com
[2010/04/13 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\personas@christopher.beard
[2010/07/14 23:16:24 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\mozilla\Firefox\Profiles\pldd964j.default\extensions\support@lastpass.com
[2010/07/14 19:33:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/06/04 21:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/04 21:13:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/14 23:02:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/23 19:52:21 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2010/03/23 19:52:21 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2010/03/23 19:52:21 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/03/23 19:52:21 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/07/17 11:17:27 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Arquivos de Programas\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Arquivos de Programas\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001..\Run: [GizmoDriveDelegate] C:\Arquivos de Programas (x86)\Gizmo\gdrive.dll File not found
O4 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Baixar com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Baixar com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files (x86)\iSilo\iSiloX\iSiloXIE.dll (DC & Co.)
O9 - Extra 'Tools' menuitem : iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files (x86)\iSilo\iSiloX\iSiloXIE.dll (DC & Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-666332052-3556255832-4131582488-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/17 21:09:13 | 000,000,000 | ---D | C] -- C:\Users\Valjean\Desktop\avz4
[2010/07/17 20:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/07/17 20:25:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010/07/17 20:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010/07/17 20:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/07/17 20:25:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010/07/17 20:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/07/17 20:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/07/17 19:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidUploader
[2010/07/17 18:53:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Valjean\Desktop\OTL.exe
[2010/07/17 14:52:20 | 000,000,000 | ---D | C] -- C:\Users\Valjean\.rainlendar2
[2010/07/17 14:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rainlendar2
[2010/07/17 11:15:58 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2010/07/17 01:26:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/17 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\WinPatrol
[2010/07/17 00:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2010/07/17 00:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/07/17 00:23:08 | 000,000,000 | ---D | C] -- C:\Users\Valjean\Roaming
[2010/07/17 00:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010/07/17 00:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010/07/17 00:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/07/17 00:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/16 23:07:26 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\Malwarebytes
[2010/07/16 23:07:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/16 23:07:17 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/16 23:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/16 23:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/16 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2010/07/16 19:08:55 | 000,000,000 | ---D | C] -- C:\Users\Valjean\DoctorWeb
[2010/07/16 14:41:33 | 000,000,000 | ---D | C] -- C:\Atalhos Desktop
[2010/07/15 20:08:01 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\BatteryCare
[2010/07/15 17:08:12 | 000,074,880 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/15 17:08:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\SysWow64\drivers\ssmdrv.sys
[2010/07/15 17:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/15 17:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/07/15 13:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/15 13:45:48 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\DESIGNER
[2010/07/15 13:44:39 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Synchronization Services
[2010/07/15 13:44:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/15 13:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/15 13:44:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft SQL Server Compact Edition
[2010/07/15 13:41:22 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2010/07/15 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/07/15 13:41:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Analysis Services
[2010/07/15 13:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/07/15 13:40:48 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Office
[2010/07/15 13:40:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/15 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/07/15 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Local\Google
[2010/07/15 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/07/15 10:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/14 23:02:26 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Foxit Software
[2010/07/14 22:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/07/14 22:24:42 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\IObit
[2010/07/14 22:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/07/14 21:40:04 | 000,000,000 | ---D | C] -- C:\Users\Valjean\.ResophNotes
[2010/07/14 21:26:03 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\TuneUp Software
[2010/07/14 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010/07/14 21:25:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/07/14 21:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResophNotes
[2010/07/14 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\Opera
[2010/07/14 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Local\Opera
[2010/07/14 21:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/07/14 19:55:43 | 000,798,208 | ---- | C] (Winstep Software Technologies) -- C:\Windows\SysWow64\NextControls.ocx
[2010/07/14 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Winstep
[2010/07/14 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winstep
[2010/07/06 21:12:32 | 000,000,000 | ---D | C] -- C:\Users\Valjean\Documents\gegl-0.1
[2010/07/06 21:12:32 | 000,000,000 | ---D | C] -- C:\Users\Valjean\.gimp-2.7
[2010/07/06 21:10:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\GIMP 2.7
[2010/07/06 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\USBSafelyRemove
[2010/07/06 21:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\USBSRService
[2010/07/05 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KellySoftware
[2010/07/05 23:36:50 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\ART
[2010/07/05 23:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ART
[2010/07/05 23:36:01 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/07/05 23:09:03 | 000,000,000 | ---D | C] -- C:\Produtos Magister
[2010/07/02 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\Dragonshorn Studios
[2010/07/02 14:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragonshorn Studios
[2010/06/29 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\Foxit Software
[2010/06/24 15:00:31 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\MPC HomeCinema (x64)
[2010/06/24 14:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/24 14:36:47 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\KLCP64
[2010/06/22 17:56:32 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\PlayReady
[2010/06/22 11:42:18 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\Mirillis
[2010/06/22 11:42:18 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Local\Mirillis
[2010/06/22 11:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirillis
[2010/06/22 10:11:12 | 000,000,000 | ---D | C] -- C:\Users\Valjean\Documents\ArcSoft ToGo
[2010/06/22 10:10:43 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\KWorld Multimedia
[2010/06/22 10:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/06/22 10:10:21 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\ArcSoft
[2010/06/22 10:10:18 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2010/06/22 10:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2010/06/22 10:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2010/06/22 09:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/06/22 09:44:16 | 000,000,000 | ---D | C] -- C:\Windows\CONX
[2010/06/22 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KWorld MultiMedia
[2010/06/11 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Local\FullTiltPoker
[2010/06/11 00:26:42 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010/06/11 00:26:39 | 000,308,224 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010/06/11 00:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/06/11 00:15:17 | 000,000,000 | ---D | C] -- C:\Windows\WM Splitter
[2010/06/11 00:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WM Splitter
[2010/06/11 00:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMCap
[2010/06/11 00:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMR14
[2010/06/10 21:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2010/06/10 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2010/06/10 14:33:03 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Roaming\iSilo
[2010/06/10 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSilo
[2010/06/04 21:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/04 21:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/05/24 13:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/05/20 15:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Race2Play
[2010/05/17 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Valjean\Documents\Arquivos do Outlook
[2010/05/15 15:52:24 | 000,505,856 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2010/05/15 15:52:24 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2010/05/15 15:52:23 | 001,472,000 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2010/05/15 15:52:23 | 000,644,608 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2010/05/15 15:52:23 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646274.dll
[2010/05/15 15:52:20 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\IDT
[2010/05/06 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2010/04/26 12:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/04/19 10:18:38 | 000,000,000 | ---D | C] -- C:\Users\Valjean\AppData\Local\FixItCenter
[2010/04/19 10:16:45 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Fix it Center
[2010/04/19 10:16:45 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010/02/04 08:31:36 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
[2010/02/04 08:31:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
[2010/02/04 08:31:36 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
[2010/02/04 08:31:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
[2010/02/04 08:31:36 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
[2010/02/04 08:31:36 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
[2010/02/04 08:31:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
[2010/02/04 08:31:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
[2010/02/04 08:31:36 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
[2010/02/04 08:31:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll

========== Files - Modified Within 90 Days ==========

[2010/07/17 21:23:24 | 006,291,456 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT
[2010/07/17 20:27:21 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Valjean.job
[2010/07/17 20:25:26 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010/07/17 20:25:21 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/07/17 18:53:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Valjean\Desktop\OTL.exe
[2010/07/17 15:54:57 | 000,015,885 | ---- | M] () -- C:\Windows\som_de_cuco.wav
[2010/07/17 14:52:15 | 000,001,946 | ---- | M] () -- C:\Users\Valjean\Desktop\Rainlendar2.lnk
[2010/07/17 12:17:21 | 000,004,608 | ---- | M] () -- C:\Users\Valjean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 01:11:44 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/17 01:11:44 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/17 01:08:56 | 001,491,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/17 01:08:56 | 000,655,008 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2010/07/17 01:08:56 | 000,607,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/17 01:08:56 | 000,125,460 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2010/07/17 01:08:56 | 000,104,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/17 01:04:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/17 01:04:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/17 01:04:22 | 3183,411,200 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 01:03:58 | 001,416,891 | -H-- | M] () -- C:\Users\Valjean\AppData\Local\IconCache.db
[2010/07/16 18:03:16 | 000,013,312 | ---- | M] () -- C:\Windows\SysWow64\drivers\vde2mjk5.sys
[2010/07/16 16:55:51 | 000,011,264 | ---- | M] () -- C:\Windows\SysWow64\drivers\uze2mjk5.sys
[2010/07/15 17:29:33 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\scud.udf
[2010/07/15 17:08:20 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2010/07/15 14:00:49 | 000,090,504 | ---- | M] () -- C:\Users\Valjean\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/15 14:00:43 | 000,361,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/15 13:42:01 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/14 21:50:45 | 000,524,288 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT{79535948-8f96-11df-8855-0022fbbff8b4}.TMContainer00000000000000000002.regtrans-ms
[2010/07/14 21:50:45 | 000,524,288 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT{79535948-8f96-11df-8855-0022fbbff8b4}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 21:50:45 | 000,065,536 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT{79535948-8f96-11df-8855-0022fbbff8b4}.TM.blf
[2010/07/14 19:55:55 | 000,001,052 | ---- | M] () -- C:\Users\Valjean\Documents\Winstep.lnk
[2010/07/14 19:36:51 | 000,000,032 | ---- | M] () -- C:\Windows\wininit.ini
[2010/07/14 15:00:00 | 000,136,704 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2010/07/05 23:13:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2010/07/03 20:16:53 | 000,001,062 | RHS- | M] () -- C:\Users\Valjean\ntuser.pol
[2010/06/18 02:37:59 | 000,524,288 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT{6165f6e5-7a9b-11df-bfec-0022fbbff8b4}.TMContainer00000000000000000002.regtrans-ms
[2010/06/18 02:37:59 | 000,524,288 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT{6165f6e5-7a9b-11df-bfec-0022fbbff8b4}.TMContainer00000000000000000001.regtrans-ms
[2010/06/18 02:37:59 | 000,065,536 | -HS- | M] () -- C:\Users\Valjean\NTUSER.DAT{6165f6e5-7a9b-11df-bfec-0022fbbff8b4}.TM.blf
[2010/05/13 12:54:39 | 000,004,997 | ---- | M] () -- C:\Users\Valjean\.recently-used.xbel
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/07/17 20:25:27 | 000,000,502 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Valjean.job
[2010/07/17 20:25:26 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010/07/17 20:25:21 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/07/17 15:54:57 | 000,015,885 | ---- | C] () -- C:\Windows\som_de_cuco.wav
[2010/07/17 14:52:15 | 000,001,946 | ---- | C] () -- C:\Users\Valjean\Desktop\Rainlendar2.lnk
[2010/07/17 12:07:15 | 000,004,608 | ---- | C] () -- C:\Users\Valjean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 18:03:16 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\vde2mjk5.sys
[2010/07/16 16:55:46 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\drivers\uze2mjk5.sys
[2010/07/15 17:29:33 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\scud.udf
[2010/07/15 17:08:20 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2010/07/14 19:55:55 | 000,001,052 | ---- | C] () -- C:\Users\Valjean\Documents\Winstep.lnk
[2010/07/14 19:24:07 | 000,524,288 | -HS- | C] () -- C:\Users\Valjean\NTUSER.DAT{79535948-8f96-11df-8855-0022fbbff8b4}.TMContainer00000000000000000002.regtrans-ms
[2010/07/14 19:24:06 | 000,524,288 | -HS- | C] () -- C:\Users\Valjean\NTUSER.DAT{79535948-8f96-11df-8855-0022fbbff8b4}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 19:24:06 | 000,065,536 | -HS- | C] () -- C:\Users\Valjean\NTUSER.DAT{79535948-8f96-11df-8855-0022fbbff8b4}.TM.blf
[2010/07/14 19:23:53 | 3183,411,200 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/05 23:13:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2010/06/24 14:36:49 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2010/06/24 14:36:48 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2010/06/22 09:44:20 | 000,016,382 | ---- | C] () -- C:\Windows\SysNative\drivers\merlind.rom
[2010/06/18 02:36:14 | 000,524,288 | -HS- | C] () -- C:\Users\Valjean\NTUSER.DAT{6165f6e5-7a9b-11df-bfec-0022fbbff8b4}.TMContainer00000000000000000002.regtrans-ms
[2010/06/18 02:36:13 | 000,524,288 | -HS- | C] () -- C:\Users\Valjean\NTUSER.DAT{6165f6e5-7a9b-11df-bfec-0022fbbff8b4}.TMContainer00000000000000000001.regtrans-ms
[2010/06/18 02:36:13 | 000,065,536 | -HS- | C] () -- C:\Users\Valjean\NTUSER.DAT{6165f6e5-7a9b-11df-bfec-0022fbbff8b4}.TM.blf
[2010/06/10 21:42:23 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2010/05/13 12:54:39 | 000,004,997 | ---- | C] () -- C:\Users\Valjean\.recently-used.xbel
[2010/04/13 19:29:54 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/13 19:29:54 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/25 16:27:15 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/02 16:24:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll
[2010/02/28 01:14:37 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/02/04 08:31:36 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
[2010/02/04 08:31:36 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
[2010/01/28 21:26:41 | 001,509,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/28 20:15:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2010/01/28 20:15:11 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2010/01/28 20:15:11 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2009/10/20 15:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/07/05 23:39:47 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\ART
[2010/07/15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\BatteryCare
[2010/07/02 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Dragonshorn Studios
[2010/01/28 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Foxit
[2010/06/29 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Foxit Software
[2010/07/16 18:38:21 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Free Download Manager
[2010/01/28 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Gizmo
[2010/01/28 21:02:07 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\GlarySoft
[2010/02/23 14:31:59 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\GrabPro
[2010/05/13 12:51:40 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\gtk-2.0
[2010/01/28 20:52:05 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Houaiss3
[2010/03/26 20:21:31 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\ImgBurn
[2010/07/14 22:24:42 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\IObit
[2010/06/10 20:35:25 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\iSilo
[2010/06/22 11:55:04 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\KWorld Multimedia
[2010/02/04 08:38:01 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Lexmark Productivity Studio
[2010/06/22 11:42:18 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Mirillis
[2010/07/14 21:06:49 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Opera
[2010/06/22 11:47:46 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\Orbit
[2010/01/28 16:07:54 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\TomTom
[2010/07/14 21:26:03 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\TuneUp Software
[2010/07/06 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\USBSafelyRemove
[2010/07/17 00:57:01 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\WinPatrol
[2010/01/29 11:36:30 | 000,000,000 | ---D | M] -- C:\Users\Valjean\AppData\Roaming\ZqWare
[2010/07/15 20:36:00 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\SysNative\drivers\cxcir64.sys >
[2009/04/23 20:25:46 | 000,044,544 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\cxcir64.sys

< C:\Windows\SysNative\Drivers\vde2mjk5.sys >

< C:\Windows\SysNative\Drivers\uze2mjk5.sys >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



It only generated the OTL!

igoreso (Super Participant, registered; 704 posts, 22 likes)
#13 By igoreso, 17/07/2010 - 21:30
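As an added example (not part of the thread and not OTL's own code), a small Python parser for the OTL file-listing format above that flags the kind of entry the helper picked out by hand: a recently created .sys in a drivers folder with no company name and a random-looking eight-character name. The sample lines and the scan time are constructed from the shape of the log; the "random name" test is a heuristic, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's listing format: [date | size | attrs | M/C] (Company) -- path
SAMPLE_LOG = """\
[2010/07/16 18:03:16 | 000,013,312 | ---- | C] () -- C:\\Windows\\SysWow64\\drivers\\vde2mjk5.sys
[2010/07/16 16:55:46 | 000,011,264 | ---- | C] () -- C:\\Windows\\SysWow64\\drivers\\uze2mjk5.sys
[2010/07/15 17:29:33 | 000,000,042 | ---- | C] () -- C:\\Windows\\SysWow64\\scud.udf
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\\Windows\\SysNative\\drivers\\mbam.sys
[2009/04/23 20:25:46 | 000,044,544 | ---- | M] (Conexant Systems, Inc.) -- C:\\Windows\\SysNative\\drivers\\cxcir64.sys
"""
SCAN_TIME = datetime(2010, 7, 17, 20, 30)  # constructed: about when the log was taken

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Eight lowercase letters/digits with at least one of each, e.g. vde2mjk5, uze2mjk5
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$")

def parse_otl(text):
    """Turn OTL file-listing lines into dicts; lines of any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries

def suspicious_drivers(entries, scan_time, window_days=7):
    """Paths of .sys files in a drivers folder, written within window_days of the
    scan, carrying no company name and having a random-looking base name."""
    flagged = []
    for e in entries:
        path = e["path"]
        name = path.rsplit("\\", 1)[-1].lower()
        if not (name.endswith(".sys") and "\\drivers\\" in path.lower()):
            continue
        if e["company"].strip() or scan_time - e["ts"] > timedelta(days=window_days):
            continue  # vendor-tagged or old: outside this heuristic
        if RANDOM_NAME.match(name[:-4]):
            flagged.append(path)
    return flagged

def demo():
    return suspicious_drivers(parse_otl(SAMPLE_LOG), SCAN_TIME)
```

Running demo() on the sample returns the two SysWow64 drivers and nothing else; feed it a full OTL log to triage the "Files Created - No Company Name" section the same way.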
Download SystemLook from one of the links below and save it to your Desktop.
Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges. To do that:
Right-click the file and then click
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main text field:
:filefind
uze2mjk5.sys
vde2mjk5.sys

Click the Look button to start the scan.
When it finishes, a Notepad window will open with the scan results. Please post that log in your next reply.
Note: the log can also be found on your desktop under the name SystemLook.txt.
I don't answer questions by PM, e-mail or MSN! Use the forum!

WehaveallGHD (New Member, registered; 20 posts, 0 likes)
#14 By WehaveallGHD, 17/07/2010 - 21:34
Before posting the SystemLook log... I did what you told me in OTL, but it still gave the same error in AVZ.. it reaches that folder and stays there forever.. Here is the log:


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:32 on 17/07/2010 by Valjean (Administrator - Elevation successful)

========== filefind ==========

Searching for "uze2mjk5.sys"
C:\Windows\System32\drivers\uze2mjk5.sys --a--- 11264 bytes [19:55 16/07/2010] [19:55 16/07/2010] D565AD44C6C4D934AFAD3CA4196B09AA
C:\Windows\SysWOW64\drivers\uze2mjk5.sys --a--- 11264 bytes [19:55 16/07/2010] [19:55 16/07/2010] D565AD44C6C4D934AFAD3CA4196B09AA

Searching for "vde2mjk5.sys "
C:\Windows\System32\drivers\vde2mjk5.sys --a--- 13312 bytes [21:03 16/07/2010] [21:03 16/07/2010] F0A0106D3DFFEAB05CCFA14A313EEB2D
C:\Windows\SysWOW64\drivers\vde2mjk5.sys --a--- 13312 bytes [21:03 16/07/2010] [21:03 16/07/2010] F0A0106D3DFFEAB05CCFA14A313EEB2D

-=End Of File=-
igoreso (Super Participant, registered; 704 posts, 22 likes)
#15 By igoreso, 17/07/2010 - 21:43
-- STEP 1 --
Open OTL.exe.
Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges. To do that:
Right-click the file and then click
Select these lines in the codebox, right-click the selection and choose Copy:

:Processes
:Files
C:\Windows\SysWOW64\drivers\vde2mjk5.sys
C:\Windows\SysWOW64\drivers\uze2mjk5.sys

:Services
vde2mjk5
uze2mjk5

:OTL
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]

Run OTL.exe
Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste
Close ALL windows (except OTL itself).
Click the Fix button
The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.
A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.
Example: 03142010_145545.log

-- STEP 2 --
Download the Kaspersky Removal Tool and save it to your desktop.
Install the program normally, following all the instructions.
A folder called Virus Removal Tool will be created on the desktop.
In the program window, tick the options:
  • My Computer
  • Hidden Startup objects
  • Disk boot sectors
  • System Memory

Click the Start Scan button.
Be patient, the scan takes a long time!
As it scans it will probably open some small windows next to the clock; do not click anything.
There is also a chance that a larger window opens with the following options:
  • Disinfect (if possible)
  • Delete
  • Skip

When it appears, first tick the option below, Apply to all objects, and then click one of the options above.
When everything is complete, click the Reports button; in the window that opens, leave the options above set to:
  • Autoscan
  • Group by result
  • All Events

Expand Autoscan by clicking the + sign next to it
Expand Result: Detected.
Right-click and choose Select all, then choose Copy.
Careful: when you do this it looks as if the PC has frozen, but it has not; wait a few minutes for the memory to be freed.
Open Notepad and paste (Ctrl + V), or Start > Run > type Notepad
Give the file a name and save it in a folder of your choice.
Close the results by clicking the Exit button.
When you do this you will be asked whether you want to uninstall the tool; click Yes.
Restart the computer when asked.
Post the contents of that file in your next reply.
NOTE 1: The windows shown during the scan have different colours depending on the risk.
So:
  • green: low risk
  • yellow: medium risk
  • red: high risk

Before taking any action, check the file path/name carefully to see whether it is something you know; if it is, click Skip.
NOTE 2: If the final result of the scan is only Result: OK, there is no need to generate a report; just let me know.

A new OTL log, made the same way as the previous one.

© 1999-2025 Hardware.com.br. All rights reserved.